Software for advanced execution path inspection
Gridin, Iaroslav (2020)
Gridin, Iaroslav
2020
Master's Programme in Information Technology
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2020-11-24
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202010277536
https://urn.fi/URN:NBN:fi:tuni-202010277536
Tiivistelmä
Execution path is a subset of code that gets executed during operation of software. Inspection of the execution path is often required when analysing software for vulnerabilities. This thesis describes Triggerfow, a tool for tracking execution paths, that can be used to facilitate such inspection. Triggerfow works by leveraging debugger to dynamically analyze code execution and fltering results using source code annotations. The thesis describes the tool interface, engineering choices made during its development, techniques it uses, and supporting software and methodology of deploying continuous integration using this software. Triggerfow was originally developed for detecting side-channel vulnerabilities in OpenSSL. The work on Triggerfow led to a conference publication at DIMVA 2019, main author being the author of this thesis. The conference paper is included as appendix A